Securing IoT Devices With ARM TrustZone

The need for securing devices for IoT systems is becoming paramount. We'll outline how virtualization can be leveraged to enable consolidation of connected devices, and how ARM TrustZone can be utilized to address security threats.

As we observe the world in which we live, and in particular the electronic devices that surround us, we cannot help but be amazed at how quickly technology has evolved and how this pace of evolution continues to accelerate. The functionality of connected devices is rapidly increasing, and, accordingly, the value of the information stored on these devices, or information accessible through these devices is also rapidly rising. Because these value-rich devices are often connected to a network, cybercrime and cyber security concerns are also today’s front page news.

In this discussion I will address securing devices for connected and Internet of Things (IoT) systems. We’ll also look at how virtualization can be leveraged to enable consolidation and reliability of connected devices and at how ARM TrustZone can be utilized to address categories of security threats. Throughout the supply chain spanning semiconductor vendors, software developers, and system integrators, there are three interrelated topics that are consistently discussed: (1) IoT connectivity, (2) a move to ARM-based System on Chip (SoC) architectures, and (3) security.

Connected devices Most of the devices we use today are connected to at least one type of network or service. Cars are commonly connected to devices via Bluetooth and mobile data networks, and will be soon to the roadside infrastructure. Patient bedside systems connect to each other, to the hospital network, and beyond. The energy infrastructure is connected from the power grid to the home consumer device and all points in between.

This device connectivity to the Internet and the data flowing through each device are commonly referred to as the Internet of Things. Another industry megatrend we are seeing is the move to ARM-based SoCs. Device manufacturers seek to consolidate capabilities at lower power and cost. Increasingly, they are leveraging ARM TrustZone architectures for enhanced security due to the connectedness of “things.”

Regarding security, news about security vulnerabilities are commonplace and affect all industries including automotive, medical, energy infrastructure, retail, consumer, and so on. Recall the Heartbleed security vulnerability that dominated the news early in 2014? Heartbleed was a security defect that existed for years in a critical software component used by many designers in their server infrastructure and electronic devices. Cyberattacks and potential security vulnerabilities are among the hottest topics in all device segments.

If you talk to a security expert, you will likely hear terms such as “defense in depth” or “layered security.” While there are formal and informal definitions of these terms, everything boils down to creating layers of security which can defend against attacks, or delay the attack from penetrating subsequent layers. Typical layers include:

Policies and procedures: rules governing access and usage of a device

Physical: literally, a physical layer such as a fence, guard, or locked door

Data: ensuring the integrity of data that is used or stored in the system

ARM's TrustZone technology ARM’s TrustZone technology implemented in a SoC can be leveraged to address the network, application, and data aspects of the layered security model. Before addressing the specifics, it might be helpful to understand the concepts underlying ARM TrustZone.

ARM TrustZone is a hardware-based mechanism built into an ARM-based SoC that allows the resources of a system to be separated into two worlds, commonly referred to as “normal world” and “secure world.”

Privacy and security are the two much debatable issues in IoT implementation. People are still very nervous about it. But with time everyone would get ok with it. LIke how people cant live without internet, same way would happen for IoT. There also would be peer pressure to get along with it. If a car on highway can get connected on its own to the higway ambulance and hospital and insurance, that would be a big boon for mankind.